CN106060093B - Cloud platform development approach for mobile device - Google Patents

Cloud platform development approach for mobile device

Info

Publication number
CN106060093B
Authority
CN
China
Prior art keywords
file
cloud
monitoring
request
mobile device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610619697.XA
Other languages
Chinese (zh)
Other versions
CN106060093A (en)
Inventor
张俤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Legang Information Technology Co., Ltd.
Original Assignee
Shanghai Legang Information Technology Co Ltd
Application filed by Shanghai Legang Information Technology Co Ltd
Priority to CN201610619697.XA
Publication of CN106060093A
Publication of CN106060093B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a cloud platform development approach for mobile devices. The method comprises: performing legitimacy verification on the cloud file requested by a mobile device; if verification fails, isolating requests for the cloud file and, at the same time, restoring the cloud file in the background database. The proposed approach has low consumption, high ease of use and scalability; it supports complex cloud platform systems while meeting the need to protect a large number of cloud platforms.

Description

Cloud platform development approach for mobile device
Technical field
The present invention relates to network security, and in particular to a cloud platform development approach for mobile devices.
Background
With the rapid development of the Internet, building a portal website has become an enterprise's window for serving the outside world and a main development trend. However, for various reasons, the construction quality of these cloud platforms is uneven, which brings many network information security problems. Viruses break out frequently, hackers attack frequently, spam is a constant nuisance, and cloud intrusion incidents are extremely serious. The growing prominence of security needs brings development opportunities and prospects to the network security market. However, compared with network security products such as firewalls and antivirus software, defence products based on cloud platforms have not yet spread to every mobile client. Traditional hardware security products are costly to maintain afterwards and are not easy to manage.
Summary of the invention
To solve the problems of the above prior art, the invention proposes a cloud platform development approach for mobile devices, comprising:
Performing legitimacy verification on the cloud file requested by a mobile device; if verification fails, isolating requests for the cloud file and, at the same time, restoring the cloud file in the background database.
Preferably, the legitimacy verification that the cloud platform defence system performs on the cloud file requested by the mobile device further comprises:
When the real-time monitoring unit of the cloud platform defence system starts, it reads the configuration information, digital signature values and file feature values of the cloud files into a cache. When a mobile device accesses the management server, the real-time monitoring unit parses the mobile device's request. After obtaining the cloud file requested by the mobile device, it first compares the file with the feature values of the corresponding file in the cache; if this verification fails, the current access is isolated directly and a request to restore the file is sent to the monitoring server. If it succeeds, the next verification step is carried out: the digital signature value of the file is located in the cache. If it is located, the encryption calculation is performed on the file and the result is compared with the digital signature value in the cache. If it is not located, the signature of the corresponding file is read from the signature library, the cache is updated, and the comparison is then made. If the signature cannot be located in the signature library either, the cloud file is determined to be a suspicious cloud file, access is isolated, and an entry is written to the malicious modification record. If the values are equal, the cloud file is determined to be normal and the cloud file data is returned to the mobile device; if they are unequal, the file is determined to have been maliciously modified, the current access is isolated, and a request to restore the cloud file is sent to the monitoring server.
Preferably, restoring the cloud file in the background database further comprises: sending an alarm and a restore request to the monitoring server; checking the reliability of the restore request and whether its parameters are correct; checking whether the file to be downloaded already exists in the download queue; checking whether the file to be downloaded is consistent with the local signature file; if the file and the signature are not identical, obtaining from the management end the state of the file to be downloaded; if the state obtained is "downloading", adding the file to the download queue and stopping the restore operation; if no download state can be read from the management end, or the download state is idle, sending a restore request to the management end; periodically monitoring the files in the download queue by reading the files to be restored from the list and sending the management end a request for the file state; if the file is still downloading, skipping the processing of that file; if the state read is "download complete", checking whether the file is consistent with the local signature file, removing it from the download queue if it is, and sending a restore request to the management end if it is not;
When a file is maliciously deleted, the real-time monitoring unit sends an alarm to the monitoring server, reports that the file has been deleted, and requests automatic restoration. After the restore request has been verified, a restore request is sent to the management end; on receiving the request, the management end sends the file to the monitoring server and the file is updated;
The real-time monitoring unit periodically sends heartbeat messages to the monitoring server. The monitoring server periodically compares the difference between the current time and the time of the last heartbeat with the period for sending heartbeat messages; if the difference is greater than that period, it sends an alarm message notifying the management end that the real-time monitoring unit is not running;
The management server's configuration of the defence parameters includes the timed-scan configuration, which sets the start time of the timed scan and the interval between timed scans, and the real-time monitoring protection level. The management server also transmits and updates cloud files, signature files and configuration files, receives the malicious modification records sent from the monitoring server, and, when an intrusion occurs, sends the backed-up original file to the monitoring side for update. The monitoring server receives the files published by the management server and synchronises them to the monitoring-side application server; it records the results of timed scans, writes the log to a text file, receives monitoring information from the real-time monitoring unit, and maintains a message queue. When a file is found to have been maliciously modified, an alarm message is sent to the monitoring server, which forwards the message to the management server; a scanning thread is started to perform timed scans of the files on the cloud platform.
Compared with the prior art, the present invention has the following advantages:
The invention proposes a cloud platform development approach for mobile devices that has low consumption, high ease of use and scalability; it supports complex cloud platform systems while meeting the need to protect a large number of cloud platforms.
Description of the drawings
Fig. 1 is a flow chart of the cloud platform development approach for mobile devices according to an embodiment of the present invention.
Detailed description of embodiments
A detailed description of one or more embodiments of the invention is provided below together with the accompanying drawing that illustrates the principle of the invention. The invention is described in connection with such embodiments, but it is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set out in the following description to provide a thorough understanding of the invention. These details are provided for exemplary purposes, and the invention can also be practised according to the claims without some or all of them.
One aspect of the present invention provides a cloud platform development approach for mobile devices. Fig. 1 is a flow chart of the cloud platform development approach for mobile devices according to an embodiment of the present invention.
The present invention is based on a cloud platform defence system that can detect intrusion behaviour in time and restore in time. The cloud platform defence system isolates intrusions in real time at the entry point of cloud platform access and, together with the monitoring server, restores maliciously modified files and performs timed scans of the cloud platform. The system comprises a monitoring side and a management end. The monitoring side is a web cluster server deployed on the external network; the management end is a monitoring server deployed on the intranet.
On startup the system reads the file signature library into memory, keeps common data in memory, and updates memory when new data needs to be accessed. Before the signature is calculated and verified, the features of the file, such as file size and file modification time, are compared first. Using file encryption by fragments, each file is divided into fragments by size and calculated fragment by fragment. A timestamp is added to each cloud file, that is, a time interval is attached to each file; a file that has already been monitored within the preset frequency interval is not monitored again, and the cloud file is returned directly to the mobile device.
By analysing the requests of cloud platform mobile devices, the cloud platform defence system performs legitimacy verification on the cloud file a mobile device requests. If verification passes, the cloud file is returned to the mobile device; if it fails, all requests for that cloud file are isolated and the cloud file is restored in the background database at the same time. With suitable settings, a background thread scans the files on the management server at a preset frequency; when a suspicious file is found it raises an alarm, records the scan result, and waits for the administrator to handle it.
The functional units of the system are described as follows:
File backup and publishing unit: through file backup, a unique, irreversible digital signature is generated for each cloud file by a HASH algorithm. The backup file and its corresponding signature file are stored on the management server, and the cloud file and signature file are published to the monitoring side to serve as the basis for legitimacy verification of the cloud file. For safety, the backed-up cloud files and signature files are stored on the monitoring server.
Real-time monitoring unit: every cloud file requested by a mobile device is verified by the management server. The value calculated for the cloud file's digital signature is compared with the signature value in the digital file on the management server. If the two values are equal, the cloud file is verified as normal and the cloud file requested by the mobile device is returned to it. If the two values are not equal, the cloud file is determined to be suspicious, the requested cloud file is not sent to the mobile device, and a request to restore the cloud file is sent automatically to the management monitoring server.
Timing scan unit: on the monitoring server, periodically scans the cloud files on the management server in a loop, scanning the cloud platform on the management server at predetermined intervals.
Result processing unit: on the management-end monitoring server, the results of the monitoring server's scans of the cloud platform on the management server are viewed. Suspicious files that are found can be restored, deleted, or added as legitimate files. A cloud file added as a legitimate file can be backed up and a signature file generated for it. Files added as legitimate can be managed, and the malicious modification records can be viewed.
A defence unit is added to the management server, and every access by a mobile device is verified. First a digital signature is generated for the file using the HASH algorithm, and the file and signature are published to the management server through the file distribution system. When a mobile device accesses a file on the management server, the defence unit obtains the mobile device's request information and verifies the requested cloud file against its digital signature. If verification succeeds the file is returned to the mobile device; if it fails the access is isolated immediately and the background is notified to restore the cloud file.
In the above process, the invention works with the file distribution system so that a random value is first generated for each publishing task. When the digital signature is calculated for all the files of that release, this random value is spliced onto the head of each file stream that is read, and the HASH calculation is then performed on the resulting stream. The random value is also encrypted using asymmetric encryption and published to the monitoring side. When the monitoring side verifies a file, it decrypts the random value, splices it onto the head of the file, performs the HASH calculation and verifies the result. Files are encrypted fragment by fragment, so that if the n-th fragment shows that the file has been maliciously modified, the subsequent fragments need not be calculated. Protection levels are set for the cloud platforms on the server; the different levels are implemented by adding different timestamps to the cloud platform. At each monitoring pass, if the interval between the current monitoring time of the file and the time it was last monitored falls within the timestamp range, the file is not verified and the cloud file is returned directly to the mobile device. Before HASH verification is performed on a file, the file's feature attributes are verified first.
The invention implements timed scanning with two threads: one thread is responsible for obtaining the file queue and the other for verification. The file queue has an upper limit; when the set upper limit is exceeded the thread goes to sleep, which keeps the memory footprint bounded. Timed scanning scans the cloud platform according to a configured cycle period and cycle start time, and any directory can be selected for scanning. Every scan is recorded. The mobile device can process the scan results through the management end, and timed-scan results can be handled by deleting, restoring or adding trust.
In the defence configuration, the management server configures the defence parameters, including the timed-scan configuration, which sets the start time of the timed scan and the interval between timed scans, and the real-time monitoring protection level. It is also used to transmit and update cloud files, signature files and configuration files, and to receive the malicious modification records sent from the monitoring server; when an intrusion occurs it sends the backed-up original file to the monitoring side for update. After a timed scan, adding trust generates a signature for a suspicious file and changes it to a legitimate file. The information about every intrusion, the scan result information and the result processing information are all stored in the database.
The monitoring server receives the files published by the management server and synchronises them to the monitoring-side application server. It records the results of timed scans, writes the log to a text file, receives monitoring information from the real-time monitoring unit, and maintains a message queue. When a file is found to have been maliciously modified, an alarm message is sent to the monitoring server, which forwards the message to the management server. Timed scans are performed on the files on the cloud platform: when the monitoring server starts, the system starts a scanning thread, which scans the cloud files on the server when the scan time arrives. When the monitoring unit on the monitoring side is found to have stopped running, a message is sent to the management end requesting that the defence unit be started.
The real-time monitoring unit is deployed on the management server, and the timing scan unit is deployed on the monitoring server. The monitoring side receives mobile device requests, verifies files, runs the timed cyclic scan, sends intrusion information and restore requests, and listens for the heartbeat of the real-time defence unit. The management end handles the defence configuration of the system, log management, and processing of the timed-scan results.
The system backs up cloud files securely through file backup on the management server and generates the digital signature library. Through the management end, one of three defence levels is set for the cloud platform: highest, optimal and lowest, chosen according to the platform's access pattern, attack frequency and similar factors. At the highest level no timestamp is added to files and every access is verified. The optimal level adds a timestamp to files; at the lowest level, a file that has been verified once within the time period is not verified again. The start time of the timed scan is set according to the access pattern of the cloud platform, and cloud files can be scanned at a preset frequency interval. Cloud files, configuration files and the file signature library are published to the monitoring server through management-end file distribution. After the system starts, the files of the cloud platform are defended and monitored by real-time monitoring and timed cyclic scanning together.
The real-time monitoring unit embeds the real-time monitoring function in the management server so as to strictly control the data entering and leaving the server. There is no independent monitoring process, which ensures that a hacker cannot terminate the monitoring unit, and when intrusion behaviour is found the invaded file can be restored and the intruder's access isolated in time.
When the real-time monitoring unit starts, it reads parameters such as the configuration information, digital signature values and file feature values of the cloud files into the cache. When a mobile device accesses the management server, the real-time monitoring unit parses the mobile device's request. After obtaining the cloud file requested by the mobile device, it first compares the file with the feature values of the corresponding file in the cache; if this verification fails, the current access is isolated directly and a request to restore the cloud file is sent to the monitoring server. If it succeeds, the next verification step is carried out: the digital signature value of the file is located in the cache. If it is located, the encryption calculation is performed on the file and the result is compared with the digital signature value in the cache. If it is not located, the signature of the corresponding file is read from the signature library, the cache is updated, and the comparison is then made. If the signature cannot be located in the signature library either, the cloud file is determined to be a suspicious cloud file, access is isolated, and an entry is written to the malicious modification record. If the values are equal, the cloud file is determined to be normal and the cloud file data is returned to the mobile device; if they are unequal, the file is determined to have been maliciously modified, the current access is isolated, and a request to restore the cloud file is sent to the monitoring server.
The normal access process is as follows: when a mobile device accesses the cloud platform, the management server receives the mobile device's request message, and the real-time monitoring unit obtains the access request and locates the content of the requested cloud file. The file is then verified by the defence unit's file verification process. If verification succeeds, the cloud file has not been invaded; the real-time monitoring unit lets the current access request through and returns the requested cloud file to the mobile device.
The file verification process comprises obtaining the mobile device's access request and locating the content of the requested cloud file. First, the attribute values of the file are compared. If they are unequal, the file is determined to have been maliciously modified and verification fails. If they are equal, the cache is checked for the digital signature of the file. If it is not there, the signature library is searched; if the signature library does not contain a signature for the file either, the file is determined to be suspicious and verification fails. If it is found, the signature of the file is updated in the cache, and the digital signature of the accessed file is then calculated and compared. If the comparison is inconsistent, the file is determined to have been modified and verification fails. If the comparison is consistent, the file is determined to be normal and verification succeeds.
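The verification flow above, combined with the release random value, fragment hashing and timestamp window described earlier, as an added Python example that is not code from the patent. SHA-256, the 4096-byte fragment size, one digest per fragment, and the names `Record`, `RealTimeMonitor`, `Verdict` and `demo` are assumptions; the random value is taken as already decrypted, and the file names and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass
from enum import Enum

FRAGMENT = 4096  # assumed fragment size; the page gives none


class Verdict(Enum):
    NORMAL = "return file to device"
    MODIFIED = "isolate access, request restore"
    DELETED = "alarm, request automatic restore"
    SUSPICIOUS = "isolate access, write malicious modification record"


@dataclass
class Record:  # one signature-library entry
    size: int       # feature value at publish time
    mtime_ns: int   # feature value at publish time
    digests: list   # hex digest per fragment


def fragment_digest(nonce, fragment):
    # Release random value goes in front of the data. SHA-256 is an assumption.
    return hashlib.sha256(nonce + fragment).hexdigest()


def publish(path, nonce):
    st = os.stat(path)
    with open(path, "rb") as f:
        chunks = iter(lambda: f.read(FRAGMENT), b"")
        return Record(st.st_size, st.st_mtime_ns, [fragment_digest(nonce, c) for c in chunks])


def first_bad_fragment(path, nonce, digests):
    """Index of the first failing fragment, or -1; later fragments are not hashed."""
    with open(path, "rb") as f:
        for i, expected in enumerate(digests):
            if not hmac.compare_digest(fragment_digest(nonce, f.read(FRAGMENT)), expected):
                return i
        return -1 if f.read(1) == b"" else len(digests)


class RealTimeMonitor:
    def __init__(self, library, nonce, trust_window=0.0):
        self.library = library      # signature library: path -> Record
        self.cache = dict(library)  # read into the cache at startup
        self.nonce = nonce          # assumed already decrypted by the monitoring side
        self.trust_window = trust_window  # seconds; 0 verifies every access
        self.last_ok = {}           # path -> time of last successful check

    def verify(self, path, now):
        last = self.last_ok.get(path)
        if last is not None and now - last < self.trust_window:
            return Verdict.NORMAL   # checked recently: not verified again
        self.last_ok.pop(path, None)
        rec = self.cache.get(path)
        if rec is None:             # cache miss: read the signature library
            rec = self.library.get(path)
            if rec is None:
                return Verdict.SUSPICIOUS
            self.cache[path] = rec
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return Verdict.DELETED
        if (st.st_size, st.st_mtime_ns) != (rec.size, rec.mtime_ns):
            return Verdict.MODIFIED  # feature check fails before any hashing
        if first_bad_fragment(path, self.nonce, rec.digests) != -1:
            return Verdict.MODIFIED
        self.last_ok[path] = now
        return Verdict.NORMAL


def demo():
    """Constructed scenario; file names and contents are made up."""
    nonce = os.urandom(16)
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("index.html", "app.js", "new.php"))
        for path, data in ((a, b"A" * 9000), (b, b"B" * 100), (c, b"?")):
            with open(path, "wb") as f:
                f.write(data)
        library = {a: publish(a, nonce)}
        mon = RealTimeMonitor(library, nonce, trust_window=30.0)
        library[b] = publish(b, nonce)              # published after startup
        out = [mon.verify(a, 0.0), mon.verify(b, 0.0), mon.verify(c, 0.0)]
        st = os.stat(a)
        with open(a, "r+b") as f:                   # same size, byte 5000 changed
            f.seek(5000)
            f.write(b"X")
        os.utime(a, ns=(st.st_atime_ns, st.st_mtime_ns))  # feature values unchanged
        bad = first_bad_fragment(a, nonce, library[a].digests)
        out.append(mon.verify(a, 10.0))             # inside the 30 s window
        out.append(mon.verify(a, 40.0))             # window expired: hashed again
        os.remove(b)
        out.append(mon.verify(b, 40.0))
        return out, bad
```

The fourth result in `demo()` shows the cost of the timestamp window: a changed file is still served until the window expires, which is the trade-off between the highest level and the levels that add a timestamp.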
If the content has been maliciously modified, the following procedure is executed: if verification fails, the cloud file is determined to have been maliciously modified; the real-time monitoring unit isolates the current access, raises an alarm, sends a request to restore the cloud file, records a log entry, and returns an error message.
The restore process is as follows. The real-time monitoring unit returns an error message and cuts off the current access. The real-time monitoring unit sends an alarm and a restore request to the monitoring server. The reliability of the restore request and the correctness of its parameters are checked. The download queue is checked for the file to be downloaded; if it is already there, no download or restore operation is needed. The file to be downloaded is checked against the local signature file; if the signature and the file are identical, no download is needed. If the file and the signature are not identical, the state of the file to be downloaded is obtained from the management end; if the state obtained is "downloading", the file is added to the download queue and the restore operation stops. If no download state can be read from the management end, or the download state is idle, a restore request is sent to the management end. The files in the download queue are monitored periodically: the files to be restored are read from the list and a request for the file state is sent to the management end. If the file is still downloading, the processing of that file is skipped. If the state read is "download complete", the file is checked against the local signature file; if they are consistent the file is removed from the download queue, and if they are not identical a restore request is sent to the management end.
If a file is deleted, the real-time monitoring unit sends an alarm to the monitoring server, reports that the file has been deleted, and requests automatic restoration. After the restore request has been verified, a restore request is sent to the management end; on receiving the request, the management end sends the file to the monitoring server and the file is updated.
If a directory or file that is to be trusted is legitimate, it is added as a legitimate file in white-list management. The management end then sends a message to the monitoring server, and the signature of the file named in the message is calculated and a signature file generated. The file is then confirmed as legitimate when it is accessed again.
The real-time monitoring unit periodically sends heartbeat messages to the monitoring server. The monitoring server periodically compares the difference between the current time and the time of the last heartbeat with the period for sending heartbeat messages; if the difference is greater than that period, it sends an alarm message notifying the management end that the real-time monitoring unit is not running. The management end handles the alarm message after receiving it.
The timed cyclic scanning unit starts two threads on the monitoring server. One thread is dedicated to managing the file list, that is, the file queue. A maximum is set for the file queue; when the queue length equals the maximum this thread sleeps, and when the length of the pending file queue falls below the maximum it continues adding to the file list. The other thread takes files from the file queue and compares their file feature values and digital signature values; when the queue length is 0 this thread sleeps and waits for the queue to be filled.
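The two-thread scan with a bounded file queue, as an added Python example that is not code from the patent. It uses `queue.Queue(maxsize=...)` for the sleep-when-full and sleep-when-empty behaviour, compares digests only (the feature value comparison is left out), and assumes SHA-256; the function names, the deleted-file report and the sample directory are constructed.

```python
import hashlib
import os
import queue
import tempfile
import threading

_END = object()  # sentinel: the listing thread has finished


def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()  # SHA-256 is an assumption


def lister(root, files):
    """Thread 1: fill the file queue. put() sleeps while the queue is at its maximum."""
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            files.put(os.path.join(dirpath, name))
    files.put(_END)


def checker(files, signatures, findings, seen):
    """Thread 2: verify queued files. get() sleeps while the queue is empty."""
    while True:
        path = files.get()
        if path is _END:
            return
        expected = signatures.get(path)
        if expected is None:
            findings.append((os.path.basename(path), "suspicious"))
            continue
        try:
            actual = digest(path)
        except FileNotFoundError:
            continue  # vanished after listing: reported as deleted below
        seen.add(path)
        if actual != expected:
            findings.append((os.path.basename(path), "modified"))


def scan_once(root, signatures, max_queue=2):
    """One scan pass; at most max_queue paths wait in the queue at a time."""
    files = queue.Queue(maxsize=max_queue)
    findings, seen = [], set()
    workers = [
        threading.Thread(target=lister, args=(root, files)),
        threading.Thread(target=checker, args=(files, signatures, findings, seen)),
    ]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    # Signed files that were never seen on disk have been deleted.
    findings += [(os.path.basename(p), "deleted") for p in signatures if p not in seen]
    return sorted(findings)


def demo():
    """Constructed directory: eight signed pages, then three changes."""
    with tempfile.TemporaryDirectory() as root:
        signatures = {}
        for i in range(8):
            path = os.path.join(root, f"page{i}.html")
            with open(path, "wb") as f:
                f.write(b"page %d" % i)
            signatures[path] = digest(path)
        with open(os.path.join(root, "page3.html"), "ab") as f:
            f.write(b"<!-- changed -->")
        os.remove(os.path.join(root, "page5.html"))
        with open(os.path.join(root, "extra.html"), "wb") as f:
            f.write(b"unsigned")
        return scan_once(root, signatures)
```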
An HTTP request to the web server may further pass through stages such as authentication, permission checking, request verification and URL redirection; each stage calls a corresponding function to handle it. Character strings in hexadecimal format are restored to the original strings, and redundant characters in the URI are removed. For the requested URL, the web server looks up whether the current configuration information contains a configuration for that URL. Rewriting the URL means that the externally provided URL need not be modified when the storage path of the requested file changes. If the path contains a symbolic link, it must be handled during resource mapping. The response headers are determined before the response is sent to the mobile device.
In conclusion, the invention proposes a cloud platform development approach for mobile devices that has low consumption, high ease of use and scalability; it supports complex cloud platform systems while meeting the need to protect a large number of cloud platforms.
Obviously, those skilled in the art should understand that the units or steps of the invention described above can be implemented with a general-purpose computing system. They can be concentrated on a single computing system or distributed over a network formed by multiple computing systems. Optionally, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. The invention is therefore not limited to any specific combination of hardware and software.
It should be understood that the above specific embodiments of the invention are used only to illustrate or explain the principles of the invention and do not limit it. Therefore, any modification, equivalent replacement or improvement made without departing from the spirit and scope of the invention shall fall within its scope of protection. In addition, the appended claims are intended to cover all variations and modifications that fall within the scope and boundaries of the appended claims, or the equivalents of such scope and boundaries.

Claims (2)

1. A cloud platform development method for a mobile device, characterized by comprising:
performing legitimacy verification on the cloud file requested by the mobile device; if verification fails, isolating the request for the cloud file and at the same time restoring the cloud file in the background database;
wherein the cloud platform defense system performing legitimacy verification on the cloud file requested by the mobile device further comprises:
when the real-time monitoring unit of the cloud platform defense system is started, reading the configuration information, digital signature values and file characteristic values of the cloud files into a cache; when the mobile device accesses the management server, the real-time monitoring unit parses the request of the mobile device and, after obtaining the cloud file requested by the mobile device, first compares it with the characteristic value of the corresponding file in the cache; if verification fails, the current access is isolated directly and a request to restore the file is sent to the monitoring server; if verification succeeds, the next verification step is performed, in which the digital signature value of the file is located in the cache; if it is located successfully, an encryption computation is performed on the file and the result is compared with the digital signature value in the cache; if it is not located, the signature of the corresponding file is read from the signature library, updated into the cache and then compared; if it cannot be located in the signature library either, the cloud file is determined to be a suspicious cloud file, access is isolated, and an entry is written to the malicious modification record; if the values are equal, the cloud file is determined to be normal and the cloud file data is returned to the mobile device; if they are unequal, the file is determined to have been maliciously modified, the current access is isolated, and a request to restore the cloud file is sent to the monitoring server.
2. The method according to claim 1, characterized in that restoring the cloud file in the background database further comprises: sending an alarm and a restoration request to the monitoring server; checking the reliability of the restoration request and whether its parameters are correct; checking whether the file to be downloaded already exists in the download queue, and checking whether the file to be downloaded is consistent with the local signature file; if the file and the signature are not identical, obtaining from the management end the state of the file to be downloaded; if the obtained state of the file is downloading, adding the file to the download queue and stopping the restoration operation; if no download state can be read from the management end, or the download state is idle, sending a request to restore the file to the management end; periodically monitoring the files in the download queue by reading the files to be restored from the list and sending a file-status monitoring request to the management end; if the file is still downloading, skipping processing of the file; if the file status read is download complete, checking whether the file is consistent with the local signature file, removing it from the download queue if consistent, and sending a request to restore the file to the management end if not;
when a file is maliciously deleted, the real-time monitoring unit sends an alarm to the monitoring server, reporting that the file has been deleted and requesting automatic restoration; after the restoration request is verified, a restoration request is sent to the management end; after receiving the request, the management end sends the file to the monitoring server and the file is updated;
the real-time monitoring unit periodically sends heartbeat messages to the monitoring server; the monitoring server periodically checks the time difference at the current time and compares it with the time period for sending heartbeat messages; if it exceeds the time period for sending heartbeat messages, alarm information is sent to notify the management end that the real-time monitoring unit is not running;
the management server's configuration of defense-related parameters includes timed-scan configuration, setting the start time of the timed scan and the timed-scan interval period; setting the real-time monitoring protection level; sending and updating cloud files, signature files and configuration files; receiving the malicious modification records sent from the monitoring server, and, when an intrusion occurs, sending the backed-up original files to the monitoring end for update; the monitoring server is used to receive files published by the management server and synchronize the file updates to the monitoring-end application server, to record the results of timed scans with logs recorded in text, and to receive monitoring information from the real-time monitoring unit and maintain a message queue; after detecting that a file has been maliciously modified, alarm information is sent to the monitoring server, the monitoring server sends a message to the management server, and a scanning thread is started to perform a timed scan of the files in the cloud platform.
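The staged legitimacy check of claim 1, sketched as an added Python example (not code from the patent). It assumes the characteristic value is the file length and the digital signature value is an HMAC-SHA256 tag; `RealTimeMonitor`, `Verdict` and the sample files are hypothetical names and constructed data.

```python
import hashlib
import hmac
from enum import Enum

class Verdict(Enum):
    NORMAL = "return file data to the device"
    MODIFIED = "isolate access, request restoration"
    SUSPICIOUS = "isolate access, write malicious-modification record"

def sign(key: bytes, data: bytes) -> str:
    # Assumption: the "digital signature value" is an HMAC-SHA256 tag.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class RealTimeMonitor:
    def __init__(self, key, features, signatures, library):
        self.key = key
        self.features = dict(features)      # cache: path -> characteristic value (assumed: length)
        self.signatures = dict(signatures)  # cache: path -> signature value
        self.library = library              # signature library behind the cache
        self.restore_requests = []          # stands in for the monitoring server
        self.modification_record = []

    def verify(self, path: str, data: bytes) -> Verdict:
        # Stage 1: cheap characteristic-value comparison against the cache.
        if self.features.get(path) != len(data):
            return self._modified(path)
        # Stage 2: locate the signature in the cache, else in the library.
        expected = self.signatures.get(path)
        if expected is None:
            expected = self.library.get(path)
            if expected is None:            # unknown to both: suspicious file
                self.modification_record.append(path)
                return Verdict.SUSPICIOUS
            self.signatures[path] = expected  # update the cache
        # Stage 3: recompute over the served bytes, constant-time compare.
        if hmac.compare_digest(sign(self.key, data), expected):
            return Verdict.NORMAL
        return self._modified(path)

    def _modified(self, path: str) -> Verdict:
        self.restore_requests.append(path)
        return Verdict.MODIFIED

# Constructed sample data, not taken from the patent.
KEY = b"constructed-demo-key"
INDEX, APP = b"<h1>portal v1</h1>", b"console.log('v1')"
FEATURES = {"/index.html": len(INDEX), "/app.js": len(APP), "/new.css": 4}
monitor = RealTimeMonitor(KEY, FEATURES, signatures={"/index.html": sign(KEY, INDEX)},
                          library={"/app.js": sign(KEY, APP)})
```

A same-length edit to `/index.html` passes the characteristic-value stage and is caught only by the signature comparison, which is why the claim performs both.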
CN201610619697.XA 2016-07-29 2016-07-29 Cloud platform development approach for mobile device Active CN106060093B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610619697.XA CN106060093B (en) 2016-07-29 2016-07-29 Cloud platform development approach for mobile device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610619697.XA CN106060093B (en) 2016-07-29 2016-07-29 Cloud platform development approach for mobile device

Publications (2)

Publication Number Publication Date
CN106060093A CN106060093A (en) 2016-10-26
CN106060093B true CN106060093B (en) 2019-07-05

Family

ID=57196867

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610619697.XA Active CN106060093B (en) 2016-07-29 2016-07-29 Cloud platform development approach for mobile device

Country Status (1)

Country Link
CN (1) CN106060093B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107026841B (en) * 2016-11-24 2021-07-30 创新先进技术有限公司 Method and device for publishing works in network
CN106815716B (en) * 2016-12-31 2018-04-10 重庆傲雄在线信息技术有限公司 A kind of electronic record file forming method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101377751A (en) * 2007-08-30 2009-03-04 周宏建 Method for protecting computer working document
CN101540755A (en) * 2008-03-18 2009-09-23 华为技术有限公司 Method, system and device for recovering data
CN103067522A (en) * 2013-01-10 2013-04-24 东莞宇龙通信科技有限公司 Data management method and system and mobile terminal based on cloud end server
CN103577503A (en) * 2012-08-10 2014-02-12 鸿富锦精密工业(深圳)有限公司 Cloud file storage system and method
CN105208115A (en) * 2015-09-01 2015-12-30 南京伍安信息科技有限公司 Network-based file separate storage and transmission management system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8676763B2 (en) * 2011-02-08 2014-03-18 International Business Machines Corporation Remote data protection in a networked storage computing environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
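Research on database isolation and query mechanisms with intrusion tolerance; Li Ling (李玲); China Master's Theses Full-text Database, Information Science and Technology; 20150215; pp. 6, 31-33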

Also Published As

Publication number Publication date
CN106060093A (en) 2016-10-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20190531

Address after: Unit 701-002, 701 Zone, No. 88 Keyuan Road, China (Shanghai) Free Trade Pilot Area, Pudong New Area, Shanghai, 201203

Applicant after: Shanghai Legang Information Technology Co., Ltd.

Address before: 610000 North Tianfu Avenue, Chengdu High-tech Zone, Sichuan Province, 1700, 1 building, 2 units, 18 floors, 1801

Applicant before: Chengdu light horse Network Technology Co. Ltd.

GR01 Patent grant
GR01 Patent grant